[ofbiz-framework] branch release17.12 updated: Improved: post-auth Remote Code Execution Vulnerability (OFBIZ-12332)

Fri, 08 Oct 2021 23:03:44 -0700 

This is an automated email from the ASF dual-hosted git repository.

jleroux pushed a commit to branch release17.12
in repository https://gitbox.apache.org/repos/asf/ofbiz-framework.git


The following commit(s) were added to refs/heads/release17.12 by this push:
     new 7db83d6  Improved: post-auth Remote Code Execution Vulnerability 
(OFBIZ-12332)
7db83d6 is described below

commit 7db83d6a53d2cefa34a70c284e37d507c6a4e228
Author: Jacques Le Roux <jacques.le.r...@les7arts.com>
AuthorDate: Sat Oct 9 07:48:55 2021 +0200

    Improved: post-auth Remote Code Execution Vulnerability (OFBIZ-12332)
    
    Temporarily comments out XMLRPC tests.
    
    I'll work on a definitive solution ASAP
    
    Conflicts handled by hand: framework/service/testdef/servicetests.xml
---
 framework/service/testdef/servicetests.xml | 11 +++++++++--
 1 file changed, 9 insertions(+), 2 deletions(-)

diff --git a/framework/service/testdef/servicetests.xml 
b/framework/service/testdef/servicetests.xml
index 7f01d70..0c6d20c 100644
--- a/framework/service/testdef/servicetests.xml
+++ b/framework/service/testdef/servicetests.xml
@@ -66,11 +66,18 @@ under the License.
     <test-case case-name="service-eca-global-event-exec-assert-data">
         <entity-xml action="assert" 
entity-xml-url="component://service/testdef/data/ServiceEcaGlobalEventAssertData.xml"/>
     </test-case>
-    
-    <test-case case-name="service-xml-rpc">
+
+<!-- Because of "post-auth Remote Code Execution Vulnerability" (OFBIZ-12332), 
Temporarily comments out XMLRPC tests. -->
+<!--     <test-case case-name="service-xml-rpc">
         <junit-test-suite 
class-name="org.apache.ofbiz.service.test.XmlRpcTests"/>
     </test-case>
     <test-case case-name="service-xml-rpc-local-engine">
         <service-test service-name="testXmlRpcClientAdd"/>
+    </test-case> -->
+    <test-case case-name="load-data-service-permission-tests">
+        <entity-xml 
entity-xml-url="component://service/testdef/data/PermissionServiceTestData.xml"/>
+    </test-case>
+    <test-case case-name="service-permission-tests">
+        <junit-test-suite 
class-name="org.apache.ofbiz.service.test.ServicePermissionTests"/>
     </test-case>
 </test-suite>

Reply via email to